[](<https://1.bp.blogspot.com/-sdJpZxPO4YA/XwKi3AGEllI/AAAAAAAATCI/KgDID7KTY8caUZYZuhO7iZkEq4vTxfLOACNcBGAsYHQ/s1600/ParamSpider_1_banner.png>)
ParamSpider : Parameter miner for humans.
**Key Features :**
* Finds parameters from web archives of the entered domain.
* Finds parameters from [subdomains](<https://www.kitploit.com/search/label/Subdomains> "subdomains" ) as well.
* Supports excluding URLs with specific extensions.
* Saves the output in a clean, readable format.
* Mines the parameters from web archives only (without interacting with the target host).
**Usage instructions :**
Note : Requires Python 3.7+.
$ git clone https://github.com/devanshbatham/ParamSpider
$ cd ParamSpider
$ pip3 install -r requirements.txt
$ python3 paramspider.py --domain hackerone.com
**Usage options :**
1 - For a simple scan [without the --exclude parameter]
$ python3 paramspider.py --domain hackerone.com
-> Output ex : https://hackerone.com/test.php?q=FUZZ
2 - For excluding urls with specific extensions
$ python3 paramspider.py --domain hackerone.com --exclude php,jpg,svg
3 - For finding nested parameters
$ python3 paramspider.py --domain hackerone.com --level high
-> Output ex : https://hackerone.com/test.php?p=test&q=FUZZ
4 - Saving the results
$ python3 paramspider.py --domain hackerone.com --exclude php,jpg --output hackerone.txt
5 - Using with a custom placeholder text (default is FUZZ), e.g. don't add a placeholder
$ python3 paramspider.py --domain hackerone.com --placeholder FUZZ2
6 - Using the quiet mode (without printing the URLs on screen)
$ python3 paramspider.py --domain hackerone.com --quiet
7 - Exclude subdomains [for parameters from domain+subdomains, do not specify this argument]
$ python3 paramspider.py --domain hackerone.com --subs False
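To make the options above concrete, here is an added example (not ParamSpider's own code) that performs the same normalisation on a constructed list of archived URLs: value replacement with a placeholder, extension exclusion, subdomain filtering, and a nested template for `--level high`. The archive lookup itself is left out; `ARCHIVED_URLS` stands in for what a web-archive index would return, and the nested-template behaviour is my reading of the `p=test&q=FUZZ` output shown above, not a guarantee of what the tool does.

```python
# Added example, not ParamSpider's own code: a minimal re-implementation of the
# normalisation the usage options describe. The archive lookup is out of scope;
# ARCHIVED_URLS stands in for what a web-archive index would return.
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample input (not real archive data).
ARCHIVED_URLS = [
    "https://example.com/test.php?q=hello",
    "https://example.com/test.php?q=world",                    # same template as above
    "https://example.com/search?p=test&q=abc",                 # two parameters
    "https://blog.example.com/post?id=42",                     # subdomain
    "https://example.com/assets/logo.svg?v=3",                 # static asset
    "https://example.com/page.html",                           # no query string
    "https://example.com/api/items?page=2&sort=name&dir=asc",  # three parameters
]


def _host_allowed(host, domain, subs):
    """True for the domain itself, and for its subdomains when subs is set."""
    if host == domain:
        return True
    return bool(subs) and host.endswith("." + domain)


def _extension(path):
    """File extension of the last path segment, lower-cased, or '' if none."""
    last = path.rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[-1].lower() if "." in last else ""


def mine_parameters(urls, domain, exclude=(), placeholder="FUZZ", level="low", subs=True):
    """Return sorted, de-duplicated URL templates.

    level="low":  one template per (path, parameter), value replaced by placeholder.
    level="high": additionally a template that keeps the other parameters' values
                  and replaces only the last one (assumed reading of the
                  --level high output shown above, e.g. test.php?p=test&q=FUZZ).
    """
    excluded = {e.lower().lstrip(".") for e in exclude}
    templates = set()
    for url in urls:
        parts = urlsplit(url)
        if not parts.query or not _host_allowed(parts.hostname or "", domain, subs):
            continue
        if _extension(parts.path) in excluded:
            continue
        params = parse_qsl(parts.query, keep_blank_values=True)
        base = parts._replace(query="", fragment="")
        for name, _value in params:
            templates.add(urlunsplit(base._replace(query=f"{name}={placeholder}")))
        if level == "high" and len(params) > 1:
            nested = params[:-1] + [(params[-1][0], placeholder)]
            templates.add(urlunsplit(base._replace(query=urlencode(nested))))
    return sorted(templates)


if __name__ == "__main__":
    for template in mine_parameters(ARCHIVED_URLS, "example.com", exclude=["svg"], level="high"):
        print(template)
```

Because every template is built from archived data rather than live responses, the output is a candidate list: a parameter that existed years ago may no longer be read by the application, which is the false-positive caveat the project itself notes below.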
**ParamSpider + GF (for massive pwnage)**
Let's say you have already installed ParamSpider and now you want to filter the juicy parameters out of the plethora of parameters. No worries, you can easily do it using [GF (by tomnomnom)](<https://github.com/tomnomnom/gf> "GF\(by tomnomnom\)" ).
**Note** : Make sure you have [go](<https://golang.org/doc/install> "go" ) properly installed on your machine.
**Follow along this :**
$ go get -u github.com/tomnomnom/gf
$ cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf
Note : Replace '/User/levi/go/bin/gf' with the path where gf binary is located in your system.
$ alias gf='/User/levi/go/bin/gf'
$ cd ~/.gf/
Note : Paste the JSON files (https://github.com/devanshbatham/ParamSpider/tree/master/gf_profiles) into the ~/.gf/ folder.
Now run ParamSpider and navigate to the output directory
$ gf redirect domain.txt   # for potential open redirect/SSRF parameters
$ gf xss domain.txt        # for potential xss [vulnerable](<https://www.kitploit.com/search/label/Vulnerable> "vulnerable" ) parameters
$ gf potential domain.txt  # for xss + ssrf + [open redirect](<https://www.kitploit.com/search/label/Open%20Redirect> "open redirect" ) parameters
$ gf [wordpress](<https://www.kitploit.com/search/label/WordPress> "wordpress" ) domain.txt  # for wordpress urls
[More GF profiles to be added in future]
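The gf step above is a pattern match over the output file. As an added example (not gf's or ParamSpider's code), the following applies a gf-style profile to a constructed `domain.txt` in pure Python, so the selection step can be read and tested without installing gf. It assumes the shape of gf's example profiles (a JSON object with a `flags` string of grep options and either a `pattern` string or a `patterns` list); the profile contents and the sample lines are constructed for illustration.

```python
# Added example, not gf's or ParamSpider's code: applies a gf-style profile to
# ParamSpider output in pure Python. Assumption: gf example profiles are JSON
# objects with a "flags" string of grep options and either a "pattern" string
# or a "patterns" list of extended-regex fragments.
import json
import re

# Constructed profile in that shape; the parameter names are illustrative only.
REVIEW_PROFILE = """{
  "flags": "-HnrEi",
  "patterns": ["[?&]next=", "[?&]url=", "[?&]returnTo="]
}"""

# Constructed stand-in for domain.txt as ParamSpider writes it.
DOMAIN_TXT = """https://example.com/login?next=FUZZ
https://example.com/search?q=FUZZ
https://example.com/go?url=FUZZ
https://example.com/account?returnto=FUZZ
https://example.com/post?id=FUZZ
"""


def load_profile(text):
    """Compile a gf-style profile into regexes; honour grep's -i as re.IGNORECASE."""
    data = json.loads(text)
    patterns = data.get("patterns") or [data["pattern"]]
    flags = re.IGNORECASE if "i" in data.get("flags", "").lstrip("-") else 0
    return [re.compile(p, flags) for p in patterns]


def gf_filter(lines, regexes):
    """Keep lines matching any profile pattern, like `gf <profile> domain.txt`."""
    return [line for line in lines if any(r.search(line) for r in regexes)]


def run(profile_text=REVIEW_PROFILE, domain_text=DOMAIN_TXT):
    """Filter the sample output with the sample profile and return the kept lines."""
    return gf_filter(domain_text.splitlines(), load_profile(profile_text))


if __name__ == "__main__":
    print("\n".join(run()))
```

Anchoring each fragment on `[?&]` keeps the match on the parameter name rather than on any substring of the path, which is the difference between a profile that surfaces a handful of URLs for review and one that returns most of the file.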
**Example :**
$ python3 paramspider.py --domain bugcrowd.com --exclude woff,css,js,png,svg,php,jpg --output bugcrowd.txt
[](<https://1.bp.blogspot.com/-hYVGjdzKiCY/XwKjNLSXV-I/AAAAAAAATCQ/tdzxpAYAUWkJ1SUf079SIAw8YEyPiIDuACNcBGAsYHQ/s1600/ParamSpider_2_example.png>)
**Note :**
Because it fetches the parameters from web archive data, the chance of false positives is high.
**Contributing to ParamSpider :**
* Report bugs and missing best practices
* Shoot my [DM](<https://twitter.com/0xAsm0d3us> "DM" ) with new ideas
* Make more GF profiles (.json files)
* Help fix bugs
* Submit pull requests
**Twitter:**
**Say hello** : [0xAsm0d3us](<https://twitter.com/0xAsm0d3us> "0xAsm0d3us" )
**[Download ParamSpider](<https://github.com/devanshbatham/ParamSpider> "Download ParamSpider" )**
Published on KitPloit, 2020-07-11: http://www.kitploit.com/2020/07/paramspider-mining-parameters-from-dark.html